7b0156c36e0f4f09991f191bb58742737aef92320510092f105b3c851c948507

General

Target

get.ps1
Size

1KB
Sample

240520-2gjabaae5t
MD5

cb6eaa30e64acdf6e20a2c1edcab030d
SHA1

39c812e21a9832e463b161c5164d3d4cdc1467fd
SHA256

7b0156c36e0f4f09991f191bb58742737aef92320510092f105b3c851c948507
SHA512

4ed81169aed6c8f3ac5c0caa41bdb6638fcfbc091cc8dd991ea0a49c38f5e38e4404373f3e8f65e11ae3caeac197a7c42f1a8ac949a5a05b3e445af19c5456ab

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/36f7291963f4264a9e5c9b8d82740ed5d625152a/MAS/All-In-One-Version/MAS_AIO-CRC32_C67E873E.cmd

exe.dropper

https://bitbucket.org/WindowsAddict/microsoft-activation-scripts/raw/36f7291963f4264a9e5c9b8d82740ed5d625152a/MAS/All-In-One-Version/MAS_AIO-CRC32_C67E873E.cmd

Targets

- Target
  
  get.ps1
- Size
  
  1KB
- MD5
  
  cb6eaa30e64acdf6e20a2c1edcab030d
- SHA1
  
  39c812e21a9832e463b161c5164d3d4cdc1467fd
- SHA256
  
  7b0156c36e0f4f09991f191bb58742737aef92320510092f105b3c851c948507
- SHA512
  
  4ed81169aed6c8f3ac5c0caa41bdb6638fcfbc091cc8dd991ea0a49c38f5e38e4404373f3e8f65e11ae3caeac197a7c42f1a8ac949a5a05b3e445af19c5456ab
Score

8^/10

execution
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1